An advanced persistent threat (APT) attack represents one type of cyber security attack that is difficult to detect using traditional intrusion detection techniques. An APT attack is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. The goal of an APT attack is to steal data rather than to cause damage to the network. Therefore, APT attacks generally target organizations in sectors with high-value information, such as national defense, manufacturing and the financial industry.
In a simple non-APT attack, the intruder tries to get in and out as quickly as possible in order to avoid detection by the network's intrusion detection system. In an APT attack, however, the intruder's goal is not to get in and out, but rather to achieve ongoing access. To maintain access without discovery, the intruder may continuously rewrite code and employ sophisticated evasion techniques. Some APT attacks can be so complex that they require a full-time administrator.
An APT attacker often uses “spear phishing,” a type of social engineering, to gain access to the network through legitimate means. Once access has been achieved, the attacker establishes a backdoor, gathers valid user credentials (especially administrative ones), and moves laterally across the network installing more backdoors. These backdoors then allow the attacker to install bogus utilities and create a “ghost infrastructure” for distributing malware that may remain hidden in plain sight.